Netgate Discussion Forum

    Snort behind an initial firewall

      cjbujold

      Trying to configure Snort on pfSense when the pfSense box is behind an initial firewall.

      The setup is the ISP Internet connection comes into a first router and some Internet traffic is directed to the pfSense box hosting Snort. Essentially the pfSense box is receiving the Internet via a 192.168.172.4 WAN connection and a 192.168.172.100 gateway to the pfSense box/LAN which is 192.168.30.1.

      The issue is Snort blocks the traffic from 192.168.172.100 since, I presume, it thinks it is an invalid IP. How can I tell Snort to accept all traffic from this IP and gateway but to check it and not lock out the gateway in the process?

      When I turn on Snort it blocks the gateway with various rules coming or going out to an Internet address.

      Thanks for the help!

        jonesr

        With the timing of your post, it may have nothing to do with being a rear firewall - http://forum.pfsense.org/index.php/topic,60329.45.html

        Many found their WAN IPs blocked regardless of whether they were whitelisted. Uninstall and reinstall seems to fix the problem.

        pfSense AMD64 VGA - Assume latest version.
        Suricata, pfBlockerNG, SquidGuard, squid3.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.